Bug 733685 - CreateObject() pretends creation of reused objects because CKFW refuses previously seen objects
Summary: CreateObject() pretends creation of reused objects because CKFW refuses previ...
Keywords:
Status: ASSIGNED
Alias: None
Product: Fedora
Classification: Fedora
Component: nss-pem
Version: 29
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Kamil Dudka
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 702083 733657 733749 733752 746629 1002271
TreeView+ depends on / blocked
 
Reported: 2011-08-26 13:50 UTC by Kamil Dudka
Modified: 2019-03-06 14:14 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 733657
: 754771 (view as bug list)
Environment:
Last Closed: 2018-05-29 11:55:56 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1057388 None CLOSED Unbounded memory usage involving libcurl and NSS [rhel-6] 2019-08-22 13:06:24 UTC

Internal Links: 1057388

Description Kamil Dudka 2011-08-26 13:50:45 UTC
+++ This bug was initially created as a clone of Bug #733657 +++

Description of problem:
File base names are not globally unique.  Their collisions cause us problems.


Version-Release number of selected component (if applicable):
curl-7.21.7-4.fc17


Steps to Reproduce:
1. load two client certificates from file with the same file base names


Actual results:
nickname collision


Additional info:
The same problem occurs when the contents of a file is changed meanwhile.

Comment 1 Kamil Dudka 2011-08-26 13:52:53 UTC
I needed the following patch:

diff --git a/pinst.c b/pinst.c
index 70f5f4e..d35d7cf 100644
--- a/pinst.c
+++ b/pinst.c
@@ -349,6 +349,9 @@ AddObjectIfNeeded(CK_OBJECT_CLASS objClass,
     if (io == NULL)
         return NULL;

+    /* initialize pointers to functions */
+    pem_CreateMDObject(NULL, io, NULL);
+
     io->gobjIndex = count;

     /* add object to global array */


... to get over the following crash:

#0  0x0000000000000000 in ?? ()
#1  0x00007ffff04bd4f7 in pem_mdObject_GetAttributeSize (mdObject=0x721b60, ...)
#2  0x00007ffff04c2c9e in nssCKFWObject_GetAttributeSize (fwObject=0x6fb9c0,...)
#3  0x00007ffff04cbec7 in NSSCKFWC_GetAttributeValue (fwInstance=0x6f6580, ...)
#4  0x00007ffff04b8eaa in pemC_GetAttributeValue (hSession=2, hObject=2, ...)
#5  0x00007ffff75904e2 in PK11_ReadAttribute (slot=0x6fa700, id=2, type=17, ...)
#6  0x00007ffff75930cb in PK11_ReadRawAttribute (objType=PK11_TypeGeneric, ...)
#7  0x00007ffff7dc7e2d in SelectClientCert (arg=0x62efe8, sock=0x7207b0, ...)

Comment 2 Elio Maldonado Batiz 2011-08-26 17:04:05 UTC
Ah, we now add to the global internal list a fully constructed object. The invocation of pem_CreateMDObject(NULL, io, NULL); is solely for it's side effect of setting the function pointers so a (void) cast seems in order.  Additionally, the (void) pem_CreateMDObject(NULL, io, NULL); could be inside CreateObject itself.

At some point should analyze why need CreateObject and pem_createObject. That's food for the upstream work, not now.

Comment 3 Kamil Dudka 2011-09-06 15:56:07 UTC
Elio, any idea how to get libcurl working without the patched NSS?  We need a workaround at least for upstream.  Forcing libcurl users to upgrade NSS in order to avoid the crash is not acceptable.

Comment 4 Kamil Dudka 2011-09-06 16:38:01 UTC
Just hacked up a "workaround":

    attachment #521708 [details]

But, to be honest, I cannot explain how it works without further debugging...

Comment 5 Kamil Dudka 2011-09-08 15:09:51 UTC
I had hard times debugging this again.  Could somebody explain me why we need to create those _artificial_ objects in AddObjectIfNeeded() at all?  Is there any way to force NSSCKFWC_CreateObject() to accept an existing object from NSSCKMDSession::CreateObject?

Comment 6 Elio Maldonado Batiz 2011-09-14 17:34:12 UTC
Your comment regarding the need for the odd AddObjectIfNeeded  https://bugzilla.mozilla.org/show_bug.cgi?id=402712#c58
seem related. I'm still educating myself on the ways of the framework.

Comment 7 Kamil Dudka 2011-09-14 18:49:24 UTC
Indeed.  The the trick with allocating "transparent" objects, just to obtain a fresh pointer for ckfw to pretend we really created an object, was an _emergency_ workaround to unbreak Fedora after the premature libcurl migration to NSS two years ago.  Unfortunately, nobody cared enough to come with a real solution since then.  If we find the solution now, I believe it will solve a lot of problems we would need solve anyway.

Comment 8 Dan Winship 2011-11-17 15:53:23 UTC
(In reply to comment #4)
> Just hacked up a "workaround":
> 
>     attachment #521708 [details]
> 
> But, to be honest, I cannot explain how it works without further debugging...

FTR, it works because it eventually invokes pem_mdFindObjects_Next(), which calls pem_CreateMDObject() on the internal object it returns.

(should this bug have a different summary?)

Comment 9 Kamil Dudka 2011-11-17 17:12:55 UTC
(In reply to comment #8)
> FTR, it works because it eventually invokes pem_mdFindObjects_Next(), which
> calls pem_CreateMDObject() on the internal object it returns.

Although I have not seen the code for quite some time, your explanation sounds reasonable to me.

> (should this bug have a different summary?)

I will split this bug into two smaller ones.  Hopefully it will help to get my one-line patch in.

Comment 10 Kamil Dudka 2011-11-17 17:20:38 UTC
(In reply to comment #9)
> I will split this bug into two smaller ones.  Hopefully it will help to get my
> one-line patch in.

    bug 754771 - [PEM] an unregistered callback causes a SIGSEGV

I will keep this one open to get the bigger problem fixed.

Comment 11 Fedora End Of Life 2013-04-03 18:14:04 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19

Comment 12 Fedora End Of Life 2015-01-09 16:45:40 UTC
This message is a notice that Fedora 19 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 19. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained. Approximately 4 (four) weeks from now this bug will
be closed as EOL if it remains open with a Fedora 'version' of '19'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 19 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 13 Jan Kurik 2015-07-15 15:14:22 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle.
Changing version to '23'.

(As we did not run this process for some time, it could affect also pre-Fedora 23 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23

Comment 14 Fedora Admin XMLRPC Client 2016-08-15 15:53:12 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 15 Fedora End Of Life 2016-11-24 10:33:58 UTC
This message is a reminder that Fedora 23 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 23. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '23'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 23 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 16 Fedora End Of Life 2017-02-28 09:30:00 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle.
Changing version to '26'.

Comment 17 Fedora End Of Life 2018-05-03 08:13:45 UTC
This message is a reminder that Fedora 26 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 26. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as EOL if it remains open with a Fedora  'version'
of '26'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version'
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not
able to fix it before Fedora 26 is end of life. If you would still like
to see this bug fixed and are able to reproduce it against a later version
of Fedora, you are encouraged  change the 'version' to a later Fedora
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's
lifetime, sometimes those efforts are overtaken by events. Often a
more recent Fedora release includes newer upstream software that fixes
bugs or makes them obsolete.

Comment 18 Fedora End Of Life 2018-05-29 11:55:56 UTC
Fedora 26 changed to end-of-life (EOL) status on 2018-05-29. Fedora 26
is no longer maintained, which means that it will not receive any
further security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

Comment 19 Kamil Dudka 2018-05-29 12:24:09 UTC
not yet fixed

Comment 20 Jan Kurik 2018-08-14 11:12:24 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 29 development cycle.
Changing version to '29'.


Note You need to log in before you can comment on or make changes to this bug.